Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

An anonymous reader writes "While there has been a port of Tor for jailbroken iOS devices for a long time, there was no way to use it if you did not want to lose your warranty. Now it looks like Apple has approved a Web browser for the iPad called Covert Browser, which includes a Tor client. If you look at the first screenshot on the author's page it looks like you can even select the Exit node. According to App Shopper it already hit place 64 in the iPad/Utilites category." And from another (of course) anonymous reader comes a link to CmdrTaco's take on another instance of Tor breaking into the world of "real users." As he notes, the Tor Cloud Project has posted simple instructions for installing EC2 Tor nodes using free-tier VMs (or paid nodes for roughly $30/month).

It's already the case that if you're running an exit node, someone can do something very illegal via your connection - and that's always going to be the case with any system of this kind. So while that journal is kind of interesting, I don't think it really changes the proposition any.

Sure it does, look at it this way: You are attacker Andy and you know Bob runs an exit node. Now you don't like Bob, you think he's a douche. so you use the trick outlined in TFA to route a BUNCH of nasty activity through Bob's node, so that the government takes notice. Sure EVENTUALLY Bob will be cleared, but how long will he be in PMITA prison before that day comes?

Before anybody says that can't happen don't forget a guy in FLA basically lost 2 years of his life and over $300,000 in legal fees because th

I'm not saying that can't happen, I'm saying how is Bob at any more risk from that than without it? If Bob's worried about getting sent to prison because lots of CP gets downloaded through his connection, that's going to happen any time he runs a tor exit node (or I2P, or any similar system), with or without this behaviour.

YOU DO NOT LOOSE YOUR WARRANTY UNLESS, your modifications were directly and significantly attributable to the malfunction of the device. This is established law. Jailbreaking is does not violate your warranty. There's even an exemption to the DMCA to allow you to break it to enable other content and providers.

A priori, Covert Browser cannot be trusted nearly so much as the real Tor project because Covert Browser is closed source. You might trust Roger Dingledine personally though because he's a big wig in the Tor Project. I'd hope he permits others within the Tor Project to review his code and he verifies that Apple hasn't recompiled Covert Browser with modifications.

Is it just me or does clustering a large number of Tor nodes in a small handful of commercial data centers sort of defeat the purpose when it comes to packet sniffing, anonymity (commercial service has physical + RAM access) and bypassing regional censorship?

If user A goes through Tor node B and exits at node C, and B and C are both hosted on EC2 where everything that happens on B and C could be secretly logged for all we know...A isn't very anonymous is he?

There *is* real privacy concern if many Tor nodes move to one cloud provider, and particularly if the Tor nodes are the first and last hop of the chain. In fact, we have a project called "Cloud-based Onion Routing" (COR) that looks at this problem.

COR discusses some policy approaches to make deployment on *multiple* cloud providers safer, as well as introducing another layer of indirection that makes Tor/COR market-friendly: We can sell (or give away) access to this higher-performance COR network, while sti

I seriously question whether Tor is even a useful service anymore. Any government spook agency can start up a whole fleet of exit nodes, and mine the data they get through them, as can anyone else, really.

That's true for plaintext traffic, but if you use HTTPS with an anti-MITM plugin like Perspectives/Convergence, and assuming the government in question can't get free and easy access to the site's private key (big assumption, I know), then traffic sniffing isn't possible.

More importantly, it can make connections untraceable, and if you don't send any identifiable information through the connection, then it doesn't matter if the contents can be seen.

That said I think I2P is better both for darknet hosting and anonymization, it has a number of technical advantages over Tor.

I think that snooping is going to be a bit harder than some think unless a government is willing to sniff every connection on the network. Now, if half of the relay nodes end up on EC2 as a result of this article then that is a different story - if Amazon lets them snoop the RAM of these nodes without a warrant then they can probably get the keys to half the network.

My understanding is that most of Tor's weaknesses stem from one of its requirements - providing access to the general internet. It has many c

In the case against me? And they picked me, John Q. Randomdude, as the suspect because ???

Any number of reasons already stated in this discussion that might lead to your exposure to a government. If you're within driving distance of a specific unsecured wifi, you can no longer convincingly deny that you would even be using that wifi, and it becomes another piece in an investigation. You're a fool if you think you can truly be anonymous on the internet. All you can do is throw up enough roadblocks to make yourself not worth going after unless you've done something truly egregious.

OPs method is pretty anonymous. How would you reverse it? You'd have to get caught on camera somewhere, say if you walked into the library to use it and they had security cams and the investigator pulls the tape assuming its still available and sees you physically there using the wifi, but I think OP is talking a little more remote than my simple example. Further, if you access an AP and it logs your MAC, the MAC record can be traced to your NIC's MAC. macmakeup.exe takes care of this in under 1 mb of h

But u cant load backtrack or any of the related software, why would you try to crack an open AP? Laptops are still quite useful, they ship with i7s nowadays if you have the $. Helps a lot when your time is worth something:)

You're thinking that I meant using the open wifi AP was going to be the only anonymization measure. Well that's silly, I was thinking something more like using Tor while on an open wifi AP.

But never mind that. Let's say the open wifi AP is the only measure. Does living within driving distance make me a suspect? What about the hundreds of thousands or millions of other people within driving distance, including international travellers? By your logic no murd

Then be specific about what distance you're talking about. A certain wifi being only two or three blocks away ("within driving distance"), combined with circumstantial evidence against you, gives investigators another piece to their puzzle.

How would they get circumstantial evidence against you? That aside, what does this have to do with anonymity on the internet? Them saying that you're within driving distance of an open WiFi doesn't mean that there is no anonymity on the internet (not that I am saying that there is).

Not only that, but I find that there's a lot of nefarious traffic going on over TOR. Last few times I've tried it, visited 4Chan, and found that the particular IP of my exit node had been banned for uploading child porn. Now i realize that every technology like this will have bad uses and good uses. but I'd think twice about hosting an exit node, unless you enjoy the SWAT team knocking down your door at 3 AM.

Hasn't happened that many times from what I've read. Just a handful of incidents to report. I have run an exit node. I haven't run one for more than three or four months. This was a US exit node. The thing you will get if you run an exit node that isn't properly setup is RIAA/MPAA dmca take down requests. The requests don't make any sense since you aren't hosting anything. Your ISP is unlikely to accept this though so you do need to set it up properly; All your ISPs cares about is not getting those stupid r

Because in some countries any kind of porn is deemed illegal, as is much of the conversation on 4chan. 4chan is the home of "anonymous". In some places just visiting sites with such associations could lead to an investigation if someone doesn't like you. Personally, I was just testing out Tor and visited a bunch of sites, some for no particular reason at all.

Resident, no, that doesn't happen, it will pass through your system (fully encrypted) but not be stored on it. On Freenet it's a different matter.

And no, there's no way to run a darknet without facilitating the exchange of child porn. If you think the negatives of enabling child porn are worse than the positives of enabling free speech, then don't participate, It's an understandable and respectable decision.

Why does free speech have to be anonymous? The freedoms we have today are because people have stood up publicly and announced that they are not happy with the status quo. When all the people protesting are faceless anonymous people hiding behind computers, it doesn't really count as free speech. People should be free from prosecution from what they say not because they are good at hiding, but because it is a fundamental right. The people shouldn't require technological measures to protect themselves. G

It's a practical vs. idealist question. Ideally free speech should not have to be anonymous. Practically it does, because the idealists who use their real names end up ruined or in jail. Also ideally protests should change things. Practically, not so much. [wired.com]

Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society.

The same could be said for any network. I bet more than a few people have shared CP over Starbuck's Wifi. Should they be held responsible? I also bet that every ISP in existence has had a few CP users as subscribers, but I wouldn't think twice about starting an ISP, if I were so inclined.

And this isn't unique to anonymous networks anyway. Remember limewire? Ever look at the incoming searches? Full of filth.

That's not so much a problem with Tor specifically as it is with the user's browser (although as I've said before, I2P addresses many of Tor's weaknesses).

It takes an expert to set up a truly untraceable browser (you think a fresh-booted LiveCD's standard Firefox install is untraceable? LOL!). Any one little slip up could ruin it all. Your average user is going to connect to Tor using a wide-open cache-laden stock browser, complete with Facebook cookie. Or if we're real lucky, they'll enable Private Browsin

Sounds like you had your browser pointed directly at the Tor proxy. You're supposed to point it at a caching proxy server which then goes through the Tor proxy, acting like a "download accelerator" by aggressively fetching data to produce a reliable output. Still not perfect, but hitting Refresh never killed anyone.

Because you voted for curated computing with your wallet and that's what you got. Oh you wanted to just compile an existing Tor client and browser yourself? Too bad. Jailbreak and lose your warranty or pay up for a dev license.

In windows TOR binds to localhost (127.0.0.1) and you can channel any traffic through it, not sure how it runs on apple, but if there is a localhost on an ipad for Tor to use, you can channel any app that supports proxying through 127.0.0.1, but I'm speaking from a windows environment... ipads tend to be a bit more locked down, no idea though, just throwing it out there.